lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 26 Mar 2010 01:51:41 -0400
From:	Haile Seifu <haile.seifu@...il.com>
To:	netdev@...r.kernel.org
Subject: IPv6 neighbor advertisements

Hi,


I have been running some tests involving IPv6 neighbor discovery.

When a neighbor advertisement is received by the Kernel and the
follwing is true:

    - the advertisement's solicited flag is set,
    - the advertisement's override flag is clear,
    - the advertisement's link layer address differs from what is in
the corresponding neighbor cache entry, and
    - the corresponding neighbor cache entry state is neither
INCOMPLETE or REACHABLE

then it appears that the cache entry gets updated from STALE/DELAY to
REACHABLE.  According to RFC 2461/4861 section
7.2.5, the advertisement in the above scenario should be ignored and
MUST NOT update the neighbor cache entry

I was curious about why the following code in net/core/neighbour.c,
function neigh_update, updates the neigh->confirmed
and neigh->updated fields (in lines 1039-1041) when the else-condition
(the scenario described above) is still possible in
lines 1055-1056.

By the way, the "new" flag is set based on the solicited flag of the
neighbor advertisement, so the if-condition on line 1039 will
be true.

net/core/neighbour.c (version linux-2.6.34-rc1):


982  int neigh_update(struct neighbour *neigh, const u8 *lladdr, u8 new,
983                 u32 flags)
984  {
...
...
...
1039        if (new & NUD_CONNECTED)
1040                neigh->confirmed = jiffies;
1041        neigh->updated = jiffies;
1042
1043        /* If entry was valid and address is not changed,
1044           do not change entry state, if new one is STALE.
1045         */
1046        err = 0;
1047        update_isrouter = flags & NEIGH_UPDATE_F_OVERRIDE_ISROUTER;
1048        if (old & NUD_VALID) {
1049                if (lladdr != neigh->ha && !(flags &
NEIGH_UPDATE_F_OVERRIDE)) {
1050                        update_isrouter = 0;
1051                        if ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) &&
1052                            (old & NUD_CONNECTED)) {
1053                                lladdr = neigh->ha;
1054                                new = NUD_STALE;
1055                        } else
1056                                goto out;
1057                } else {
1058                        if (lladdr == neigh->ha && new == NUD_STALE &&
1059                            ((flags & NEIGH_UPDATE_F_WEAK_OVERRIDE) ||
1060                             (old & NUD_CONNECTED))
1061                            )
1062                                new = old;
1063                }
1064        }
.
.
.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ